Deloitte principal: Adopt a proactive approach for security

Irfan Saif

Mobile devices, social media, cloud computing, disgruntled employees, cybercriminals, rogue nations. These are just some of the points of vulnerability and sources of threat you can expect in 2011, regardless of your organization's size.

In that sense, 2011 will resemble 2010. But both years differ sharply from earlier ones, which is where many approaches to cybersecurity remain mired. Outdated approaches tend to be heavily compliance-driven, rather than risk-based, and reactive rather than proactive. There are better approaches, and 2011 is the time to adopt them if you haven't already.

The enterprise is more highly exposed. Mobility, globalization and extended enterprises blur the line between inside and outside the organization. A permeable perimeter cannot solely address today's attacks. For instance, rather than circumventing deployed security measures, attackers today will steal credentials and walk through the front door, masquerading as legitimate users. Add criminals' sophistication to enterprises' dependence on data, and you have a recipe for a new set of problems every day.

Speed is of the essence. Users and enterprises now adopt a new technology before it matures, and these may disrupt not only existing technologies and markets, but also existing business and security practices. Playing leapfrog on this track is a challenge, especially given the resulting war for security talent. Professionals with the skills to combat new threats are in short supply, and cybercriminals are quick to adapt to the newer technologies and often climb the steep learning curve faster than the enterprises they are targeting.

To address security threats in this environment, security pros must change their approaches. To match the nature of the threat, those new approaches should be strategic, sophisticated and adaptive. There are four steps security organizations are now taking to varying degrees to thwart these new attacks. These steps are most effective in the context of a cyberthreat intelligence program – a coordinated, well-funded, enterprise-wide initiative championed by senior management.

Take a risk-based approach. Prioritize data based on its value and on the likelihood and magnitude of potential losses. This enables security to decide what to monitor and how to allocate detection, mitigation and response resources. Tools such as adaptive authentication extend this approach to the front lines by assessing risk in a real-time manner and reacting based on available data.

Focus on business processes. Analyze transactions, interfaces, routes, users and internal and external processes that use data. By analyzing processes, you can understand risks at critical points and at new points as they emerge.

Leverage technology and automation. Consider technologies and methods for intelligence gathering and analysis to sift through the noise and correlate the information for your environment. These tools, as part of an active threat management program, can help tackle challenges, such as infected tokens, compromised devices and malicious software.

Consider cyberthreat management. Recognize that breaches, viruses, data corruption and other incidents will inevitably occur. Detecting them and minimizing their impact is at the core of threat management, which encompasses risk analysis, threat assessment, intelligence analysis, risk mitigation and effective response.
Organizations need time to change their approaches, but time is scarce in today's environment. In fact, cybercriminals' capabilities likely outmatch those of most of the enterprises they will target next year. So now is the time to recognize the ever-evolving nature – and danger – of cyberthreats and to redefine your approach to face them.